Currently we do something sort of halfway: archive the actual configs
and then run audit scripts against them, which parse the configs.
not ideal but it helps catch simpler errors. One of these days when I
extra cycles.. (yeah, right)
There are a handful of good products on the market that do this for
you, like True Control from Rendition and Device Authority from
Alterpoint. We recently purchased Device Authority primarily for its
auditing and compliance monitoring, but also for the ease with which we
can push out mass changes to devices. It's honestly cooler than sliced
bread. The downside to these applications is the price. Ouch.
Regardless, now that I have Device Authority, I sure as heck would not
give it back!